<!--

    Copyright (C) 2015 The Gravitee team (http://gravitee.io)

    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.
    You may obtain a copy of the License at

            http://www.apache.org/licenses/LICENSE-2.0

    Unless required by applicable law or agreed to in writing, software
    distributed under the License is distributed on an "AS IS" BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
    limitations under the License.

-->
<div class="gv-page-container">
  <h1>OpenID Security profile</h1>
  <div>
    <div fxFlex="70">
      <form (ngSubmit)="save()">
        <div class="gv-form-section" fxLayout="column">
          <mat-slide-toggle
            (change)="enableFAPI($event)"
            [checked]="isFAPIEnabled()" [disabled]="!editMode">
            FAPI 1.0 Support
          </mat-slide-toggle>
          <mat-hint style="font-size: 75%;">Enable Financial-grade API Security Profile 1.0</mat-hint>
        </div>
        <div class="gv-form-section" fxLayout="column">
          <mat-slide-toggle
            (change)="enableFAPIBrazil($event)"
            [checked]="isFAPIBrazilEnabled()" [disabled]="!editMode">
            Open Banking Brasil FAPI 1.0 Support
          </mat-slide-toggle>
          <mat-hint style="font-size: 75%;">Enable Open Banking Brasil Financial-grade API Security Profile 1.0</mat-hint>
        </div>
        <div fxLayout="row" *ngIf="editMode">
          <button mat-raised-button color="primary" [disabled]="!formChanged" type="submit">SAVE</button>
        </div>
      </form>
    </div>
    <div class="gv-page-description" fxFlex>
      <h3>Financial-grade API Security Profile 1.0</h3>
      <div class="gv-page-description-content">
        <p>The Financial-grade API is a highly secured OAuth profile that aims to provide specific implementation guidelines 
          for security and interoperability (See <a href="https://openid.net/specs/openid-financial-api-part-1-1_0-final.html">FAPI 1.0 - part 1</a> and <a href="https://openid.net/specs/openid-financial-api-part-2-1_0.html">FAPI 1.0 - part 2</a>).</p>
        <p>Enable this option will perform specific controls and will required some behaviors that are optional in the OIDC core specification:</p>
          <ul>
            <li>Authorization endpoint parameters shall be provided using JWT Secured Authorization Request (by value or by reference)</li>
            <li>Request Object shall contains the exp and nbf claims with a maximum duration of 60 seconds </li>
            <li>PKCE code challenge method is restricted to S256</li>
            <li>PKCE is required when authorization endpoint parameters are provided using JWT Secured Authorization Request by reference</li>
            <li>reponse_mode jwt is required when the response_type value is code</li>
            <li>Client shall use mTLS connection to bind the access_token to the client certificate</li>
          </ul>
      </div>
      <h3>Open Banking Brasil Financial-grade API Security Profile 1.0</h3>
      <div class="gv-page-description-content">
        <p>The <a href="https://openbanking-brasil.github.io/specs-seguranca/open-banking-brasil-financial-api-1_ID2.html">Open Banking Brasil Financial-grade API</a> provides specific implementation guidelines for security and interoperability which can be applied to APIs in the Brasil Open Banking area that require a higher level of privacy than provided by standard Financial-grade API Security Profile 1.0 .</p>
        <p>Enable this option will:</p>
          <ul>
            <li>Authorize <i>cnpj</i> and <i>cpf</i> claims</li>
          </ul>
      </div>
    </div>
  </div>
</div>
